fix(inbound-api): resolve InboundAPI-014..017 — return-value validation, reflection-gateway hardening, deadline-bound routed calls, RouteHelper test coverage

2026-05-17 03:18:33 -04:00
parent aca65e85bb
commit 73a393076a
12 changed files with 993 additions and 34 deletions
@@ -174,7 +174,10 @@ public class InboundScriptExecutor

        try
        {
-            var context = new InboundScriptContext(parameters, route, cts.Token);
+            // InboundAPI-016: bind the route helper to the method deadline so a
+            // routed Route.To(...).Call(...) inherits the method-level timeout
+            // without the script having to thread the context token by hand.
+            var context = new InboundScriptContext(parameters, route.WithDeadline(cts.Token), cts.Token);

            if (!_scriptHandlers.TryGetValue(method.Name, out var handler))
            {
@@ -202,6 +205,19 @@ public class InboundScriptExecutor
                ? JsonSerializer.Serialize(result)
                : null;

+            // InboundAPI-014: validate the script's return value against the
+            // method's declared ReturnDefinition. A method whose script returns a
+            // shape inconsistent with its definition must not silently emit a
+            // malformed 200 — surface it as a script failure (500) and log.
+            var returnValidation = ReturnValueValidator.Validate(resultJson, method.ReturnDefinition);
+            if (!returnValidation.IsValid)
+            {
+                _logger.LogWarning(
+                    "API method {Method} return value rejected: {Error}",
+                    method.Name, returnValidation.ErrorMessage);
+                return new InboundScriptResult(false, null, "Method return value did not match its return definition");
+            }
+
            return new InboundScriptResult(true, resultJson, null);
        }
        catch (OperationCanceledException)